<?
	header('Content-type: text/xml');
	require_once("db.php");
	
	$usuario = $_POST['usuario'];
	$senha = $_POST['senha'];
	
	$query = 'SELECT `id`, `nome`, `usuario`, `senha` FROM `usuario` WHERE `usuario` = "'.$usuario.'" AND `senha` = "'.md5($senha).'"';
	$result = mysql_query($query) or die(mysql_error());

	while($row = mysql_fetch_object($result))
	{
		$data = $row;
	}
	
	$resultMessage =   "<?xml version='1.0' encoding='UTF-8'?>
						<info>
							<user>$data->nome</user>
						</info>";
	$charDeny = array("\n","\t");
	$resultMessage = str_replace($charDeny,"",$resultMessage);

	if ($data)
	{
		session_start();
		$_SESSION['usuarioID'] = $data->id;
		$_SESSION['usuarioNOME'] = $data->nome;
		$_SESSION['usuarioUSUARIO'] = $data->usuario;
	}
	
	echo $resultMessage;
?>